Slide 8
I01: INSECURE COMMUNICATION
Insecure communication can pose a significant security
threat: on-path attacks, spoofing, credential stuffing, brute
force, phishing, malicious API requests, etc.
● The Istio permissive security setting is useful but
insecure, as it accepts both plaintext and encrypted traffic.
● A strict security setting would force all
communication to be secure.
Mitigation:
● Enable mTLS through a PeerAuthentication policy at the
namespace level or mesh-wide (istio-system namespace).
● If permissive mode is required, use an
AuthorizationPolicy to restrict plaintext traffic.
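The two mitigations above as Istio manifests. This is an added example, not part of the original slides. It assumes the root namespace is istio-system; the namespace name `legacy`, the policy name `deny-plaintext` and the `/healthz` exemption are placeholders.

```yaml
# Mitigation 1: mesh-wide strict mTLS.
# A PeerAuthentication named "default" in the root namespace applies to
# every workload in the mesh; sidecars then reject plaintext connections.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT
---
# Namespace that still needs permissive mode (placeholder name "legacy").
# This is the weak setting: plaintext and mTLS are both accepted.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: legacy
spec:
  mtls:
    mode: PERMISSIVE
---
# Mitigation 2: restrict what plaintext callers can reach in that namespace.
# A request that arrives without mTLS has no peer principal, so
# notPrincipals: ["*"] matches exactly the plaintext traffic.
# The rule denies it everywhere except the assumed health-check path.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-plaintext
  namespace: legacy
spec:
  action: DENY
  rules:
  - from:
    - source:
        notPrincipals: ["*"]
    to:
    - operation:
        notPaths: ["/healthz"]
```

The `notPaths` match only applies to HTTP traffic; for plain TCP workloads, restrict by port in the `operation` instead.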
@jcchavezs